Authentication is basically an identification step.

Functionality used for J2EE security:

Principal: An entity that may be authenticated and identified.

Principal name: Identity of a principal like user id and password.

Credential: Information like certificate or password, which may authenticate a principal.

Subject: A set of rules and their credentials associated with a thread of execution.

Authentication: The steps by which a server verifies the identity represented by a user through certificate or username/userid and password. E.g: the password and username supplied by the user may be checked against a database server or an LDAP server to verify he is whom he claims to be.

Authentication methods:

Basic/Digest authentication: Browser password and specific is encoded using Base-64 encoding.Digest is same to basic but shielded the password through encryption. This is a simple challenge- respond scheme where the client is challenged for a password and user id. The Internet is broken into realms. 

Form-based authentication: Most Web applications give  the  form-based authentication since it allows applications to modifies the authentication interface. Uses base64 encoding, which may expose password and username unless all connections are over SSL.

Certificate based authentication: Uses SSL and PKI. This is by far the most secured authentication function. A user must give x.509 certificate to verify with the server.